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Method for securing data, key and communication network for applying the 
method 



The invention relates to a method for securing data by encoded transmission and/or 
storage of the data. The invention also relates to a key and a communication network for 
performing such a method. 

The increase in electronic data storage and electronic data exchange also entails an 
increased need to secure this data. Particularly the storage and exchange of data in larger 
networks, such as for instance Internet and Extranet, results in much use being made of 
coding (encryption). The data for coding is processed for this purpose by an encryption 
program which adds a determined key code to the coded data. Decoding of the coded 
data is for instance possible using the same encryption program remotely from the 
location where the coding took place. The conversion program is controlled for this 
purpose by the key code. The drawback of the available methods is that the key code is 
added to the coded data so that this code is relatively simple to intercept. The key code 
can then be broken. Any key code can ultimately be broken, with a greater or lesser 
degree of effort. Particularly in the case of storage and exchange of confidential data 
(such as for instance financial transactions, privacy-related information, strategic 
information etc.) it is of great importance that this data be coded as securely as possible. 

The present invention has for its object to provide an improved method for securing 
data, and a key and communication networks adapted to apply the method according to 
the invention. 

The invention provides for this purpose a method for securing data by encrypted 
transmission of the data, wherein at least one data transmitter and at least one data 
receiver are both provided with physically embodied keys' for coding respectively 
decoding transmitted data such that a key code sent together with the transmitted data is 
unnecessary. A combination of transmitter and receiver preferably makes use herein of a 
predetermined unique key code, and in preference these co-acting keys can further both 
be applied for coding and decoding. Not adding the key code to the coded data makes it 
practically impossible to undo the encryption. Only if possession of the key code is 
obtained can it possibly be broken, depending on the quality of the key code used. The 
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key codes are however physically embedded and held by the transmitter and receiver. 
The key code can therefore not be acquired from a network by electronic means. This 
results in a dramatic increase in the security of coded data. It is noted that the method 
can only be applied when both transmitter and receiver possess a physically embodied 
key, wherein these keys must also be mutually compatible. When transmitter and 
receiver make use of a determined unique key code, no outsider at all will be able to 
decode the data traffic between these parties. When both co-acting keys are employed 
for both coding and decoding it is possible for two parties to be able to communicate 
fully with each other at an unprecedentedly high level of security. 

In another preferred application of the method a user group of a plurality of participants 
makes use of a plurality of keys for mutual communication such that each combination 
.of two participants in the user group applies a unique mutual key code. A cluster of 
users therefore who can all communicate with each other without other participants in 
the group being able to decode the data traffic between a transmitter and receiver in the 
group. The user group can additionally be provided with one or more collective key 
codes, thereby enabling direct communication with sub-groups or the whole user group- 
Communication of groups of users is thus also secured. 

In the case of for instance loss of a key or when for other reasons a user must be 
excluded from further secured data exchange, a key can be remotely deactivated once 
the signal therefor has been given at a central position. One condition for deactivation is 
that the key to be deactivated is then employed to decode respectively code data, since 
only when the central disabling signal reaches the card will it be disabled. The 
deactivation of a key is preferably irreversible, so that a thus deactivated key is not 
rcstorable and cannot be employed for later, possibly frauc^ulent use. 

The invention also pro\ ides a method for securing data by encoded storage of the data, 
wherein prior to storage the data is coded with a physically embodied key and upon 
retrieval is decoded with a physically embodied key. In accordance with the method for 
securing the data to be transmitted according to the invention, the key code does not 
form part of the coded data, in this case when it is stored. If an unauthorized person 
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comes into possession of the coded data, there is absolutely no possibility of decoding 
this data, because of the unprecedentedly high level of security due to the absence of the 
key code. 

5 In a preferred application of this method a plurality of physically embodied keys are 

provided with a corresponding key code for decoding the stored data. A plurality of key 
holders can thus decode stored coded data. A plurality of users can thus acquire access 
ip. a secure manner to protected information. When a plurality of physically embodied 
keys are provided with a corresponding key code for coding of data prior to storage, 

10 multiple users can also store coded data. 

In a preferred application of the method a key is remotely deactivated once the signal 
therefor is given at a central position and the key to be deactivated is employed to 
decode respectively code data. In accordance with the above description relating to 

15 deactivation of a key, it may be desired to disable a key in a particular situation. Aji 
initiative must be taken at a central position to bring this about. When the key for 
disabling then comes into contact, either directly or indirectly, with the central position 
where the signal for disabling has been given, the key will be disabled. The moment of 
disabling is therefore generally the first time the key is used after the disabhng signal 

20 has been given. 

The invention moreover provides a method for coding respectively decoding data, 
wherein prior to conversion the data for processing is accessed by at least two physically 
embodied sub-keys. It is herein possible for the data for processing to be simultaneously 

25 accessed by at least two physically embodied keys, but it is also possible to apply the 
method such that the data for processing must be accessed by at least two physically 
embodied sub-keys within a predetermined period of time. These keys also have key 
codes which are not added to the coded data. This method enables decoding of coded 
data only when at least two key codes are entered, optionally within a determined space 

30 of time. 
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The invention further provides a key for performing the above described method, 
wherein the key comprises an electronic component, such as for instance a chip, in 
which an electronic key code is embedded. In a preferred embodiment the electronic 
component is incorporated in a card, which card is also provided with contact surfaces 
5 connected to the electronic component. Such a key can contain ver>' complex algorithms 
with for instance time-dependent keys. It is also possible to embody such keys such that 
they contain paired key codes which only co-act with the key code of one other key.. 
This pairing can already be arranged during manufacture. Clusters of users for instance, 
also referred to above as user groups, can thus also be incorporated in the electronic 

10 component at a production stage. Here can be envisaged for instance a user group of a 
hundred individuals, each using unique mutual key codes. The use of a card, for 
instance with the size of a credit card, is user-friendly since cards of such a format are 
generally used, so that the management of such a card is also a normal phenomenon. 
Particularly advantageous is the use of a so-called "smartcard" \vhich is provided 

15 externally with electronic contact surfaces for connection of the electronic component to 
read means. 

The invention further provides a communication network for transmitting and/or storing 
data provided with at least one key reader for reading an above described key such that 
20 one of the above described methods can be applied. The communication network 

requires only a limited modification; the network must be provided with key readers, for 
instance smartcard readers, at the positions where transmitters and/or receivers are 
conjiected. 

25 The present in\ ention will be further elucidated with reference to the non-limitative 
embodiments shown in the follovvin^r fieures. Herein: 

Figure 1 shows a schematic view of a communication network according to the 
invention, 

30 Figure 2 shows a view of a key card according to the invention, and 

Figure 3 shows a view of a very limited communication network according to the 
invention. 
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Figure 1 shows a schematically depicted network 1 to which are connected three work- 
■ stations 2, 3, 4. Each of the work-stations 2, 3, 4 is provided respectively with its own 
key reader 5, 6, 7. Coded data exchange between work-stations 2 and 3 is only possible 
when two keys, for instance cards which are programmed/adjusted to a common key 
code, are inserted into key readers 5, 6. The coded data on network 1 contains no key 
code part and cannot therefore be decoded, or hardly so, by unauthorized persons. For 
communication between work-station 3 and work-station 4 the same keys can be used a^ 
for communication between work-stations 2 and 3. It is however also possible for two 
other key holders to make use of these work-stations or for one of the above mentioned 
key holders to now communicate with a new key holder. The earlier used key must 
contain for this purpose a specific other key code which is adjusted to the key code of 
the new user. Instead of mutual communication between two parties it is also possible to 
provide multiple users with the same key code so that it is possible to communicate in 
groups. 



As stated, the keys must preferably be adjusted to mutual communication during 
production. The cards will therefore have to be marketed as sets or larger groups. 
Another, slightly less secure option is to make the cards mutually compatible after the 
production stage, for instance by means of reciprocal input of the same setup code, 
20 which is translated by the key to a key code. 

Figure 2 shows a card 8 provided with standardized electronic contact surfaces 9. Such a 
card 8 is also referred to as a smartcard. An electronic chip (not shown) containing the 
key code is situated in card S. 



Figure 3 shows a very limited network 10 consisting of a work-station 1 1 to which are 
connected two key readers 12. 13. Work-station 1 1 can for instance be used for coded 
data storage, this data only being decodable when two keys co-acting for this purpose 
are inserted into key readers 12, 13. 

When two co-acting cards S are made commercially available which are both adapted to 
code and decode data, it may be useful to add to the set an additional card 8 with which 
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it is only possible to decode. If one of the two fully functioning cards 8 is lost, the card 
suitable only for decoding can then be employed for a time until a complete new set has 
been ordered. The spare card 8, which is adapted only to decode, must of course be kept 
in a secure location. If one of the two fully functioning cards S is lost, this card can be 
5 made unusable in accordance with the foregoing description. 

Although the invention is described with reference to only a few embodiments, it will be 
apparent to all that the invention is by no means limited to the described and shown 
embodiments. On the contrary, many variations are still possible for a skilled person 
10 within the scope of the invention. 
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1. Method for securing data by encrypted transmission of the data, wherein at least 
one data transmitter and at least one data receiver are both provided with physically 
embodied keys for coding respectively decoding transmitted data such that a key code 
sent together with the transmitted data is unnecessary. 

2. Method as claimed in claim 1, wherein a combination of transmitter and receiver 
makes use of a predetermined unique key code. 

3. Method as claimed in claim 1 or 2, wherein the co-acting keys are both applied 
for coding and decoding. 

4. Method as claimed in any of the foregoing claims, wherein a user group of a 
plurality of participants makes use of a plurahty of keys for mutual communication such 
that each combination of two participants in the user group applies a unique mutual key 
code. 

5. Method as claimed in any of the foregoing claims, wherein a key is remotely 
deactivated once the signal therefor has been given at a central position and the key to 
be deactivated is then employed to decode respectively code data. 

6. Method for securing data by encoded storage of the data, wherein prior to 
storage the data is coded with a physically embodied key and upon retrieval is decoded 
with a physically embodied key. 

7. Method as claimed in claim 6, wherein a plurality of physically embodied keys 
are provided with a corresponding key code for decoding the stored data. 

8. Method as claimed in claim 6 or 7, wherein a plurality of physically embodied 
keys are provided with a corresponding key code for coding of data prior to storage. 
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9. Method as claimed in any of the claims 6-8, wherein a key is remotely 
deactivated once the signal therefor is given at a central position and the key to be 
deactivated is employed to decode respectively code data. 

5 10. Method for coding respectively decoding data, wherein prior to conversion the 
data for processing is accessed by at least two physically embodied sub-keys. 

1 1. Method as claimed in claim 10, wherein the data for processing is 
simultaneously accessed by at least two physically embodied sub-keys. 

0 

12. Method as claimed in claim 10, wherein the data for processing is accessed by at 
least two physically embodied cub-keys within a predetermined period of time. 

13. Key for performing a method as claimed in any of the claims 1-12, wherein the 
5 key comprises an electronic component, such as for instance a chip, in which an 

electronic key code is embedded. 

14. Key as claimed in claim 13, wherein the electronic component is incorporated in 
a card, which card is also provided with contact surfaces connected to the electronic 
component. 

15. Communication network for transmitting and/or storing data provided with at 
least one key reader for reading a key as claimed in claim 13 or 14 such that a method as 
claimed in any of the claims 1-12 can be applied. 



,0124435A1_t_> 



wo 01/24435 



PCT/NLOO/00688 



1/1 




FIG. 1 



1 



1234 5678 0123 1234 



Aoo bb Ghhhhhhh 
Ccccc dd Eeeeee 12 
111 444 555 



FIG. 2 



10 



12 



~7 
11 



13 



FIG. 3 



INTERNATIONAL SEARCH REPORT 



Intern. <al Application No 

PCT/NL 00/00688 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 7 H04L9/00 H04L9/08 



According to International Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minrnnum documentation searctied (classification system followed by classification svmbols) 

IPC 7 H04L 



Documentation searcfied ottier tfian minimum documentation lo the extent that such documents are included in the fields searched 



Electronic data base consulted during the cnternatwnal search (name of data base and. where practical, search terms used) 



EPO-Internal , WPI Data, INSPEC, PAJ 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category * Citation of document, with indication, where appropriate, of the relevant passages 



Relevant lo claim No. 



EP 0 613 105 A (FRANCE TELECOM) 
31 August 1994 (1994-08-31) 
column 3, line 38 - line 44- 
column 4, line 4 -column 5, line 42 

WO 98 39745 A (DEUTSCHE TELEKOM AG) 
11 September 1998 (1998-09-11) 
abstract 

page 2, line 23 -page 3, line 18 

-/-- 



I, 4,10, 

II, 13 



6 

5.9 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



" Special categories of dted documents : 



' document defining the general state of the art which is not 
considered to be of particular relevance 

' eariier document but published on or after the international 
filing date 

document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

' document referring to an oral disclosure, use. exhibition or 
other means 

document published prior to the international filing date but 
later than the priority date claimed 



'T' later document published after the intemalional filing date 
or priority date and not in conflict vwth the application but 
cited to understand the principle or theory underlyirig the 
invention 

'X' document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

document member of the same patent family 



Date of the actual completion of the international search 



22 January 2001 



Name and mailing address of the ISA 

European Patent Office. P.B. 5818 Patentlaan 2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040. Tx. 31 651 epo nl. 
Fax: (+31-70) 340-3016 



Date of mailing of the international search report 



29/01/2001 



Authorized officer 



Holper, G 



Form FCT/ISA/210 (second shoot) (July 1992) 



MSDOCID: <WO 0124435A1_I.> 



page 1 of' 2 



INTERNATIONAL SEARCH REPORT 



Interna .al Application No 

PCT/NL 00/00688 



CCContlnuatlon) DOCUMENTS CONSiDERED TO BE RELEVANT 



Category " Cilalion or document, wilh indication. where appropriate, of the relevant passages 



Relevant to claim No. 



I 



FERREIRA R C: "THE SMART CARD: A HIGH 

SECURITY TOOL IN EDP" 

PHILIPS TELECOMMUNICATION 

REVIEW, NL, PHILIPS TELECOMMUNICATIE 

INDUSTRIE N.V. HILVERSUM, 

vol . 47, no. 3, 

I September 1989 (1989-09-01), pages 1-19, 
XP000072642 

page 3, last paragraph -page 5, line 22 

PATENT ABSTRACTS OF JAPAN 

vol . 1998, no. 13, 

30 November 1998 (1998-11-30) 

& JP 10 214233 A (TOSHIBA CORP), 

II August 1998 (1998-08-11) 
abstract 



1,6 



Form PCT/1SAA210 <continuaiion of eooond shoot) (July 1992) 

vJSDOClD: <WO. 012443SAlJ„> 



page 2 of 2 



INTERNATIONAL SEARCH REPORT 

tnformatfon on patent family members 



Intemt at Application No 

PCT/NL 00/00688 



Patent document 
cited in search report 



Publication 
date 



Patent family 
member(8) 



Publication 
date 



EP 0613105 



WO 9839745 



31-08-1994 



FR 
DE 
DE 
US 



2702066 A 
69408176 D 
69408176 T 
. 5602915 A 



11-09-1998 



EP 
NO 



0970449 A 
994235 A 



JP 10214233 A 



11-08-1998 



US 



6085323 A 



02-09-1994 
05-03-1998 
30-07-1998 

11- 02-1997 

12- 01-2000 
28-10-1999 



04-07-200.; 



Form PCT/lSA/210 (patent (amiy annex) (July 1992) 
iNSDOCID: <WO 0124435A1 I > 



